Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Support X-Forwarded-* header in OriginalUrlExtractor

See original GitHub issue

Description

I added the following ACL file to my deployment to avoid that people put stuff in my server:

# Root ACL resource for the agent account
@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.

# The homepage is readable by the public
<#public>
    a acl:Authorization;
    acl:agentClass foaf:Agent;
    acl:accessTo <./>;
    acl:mode acl:Read.

# The owner has full access to every resource in their pod.
# Other agents have no access rights,
# unless specifically authorized in other .acl resources.
<#owner>
    a acl:Authorization;
    acl:agent <http://dylanvanassche.inrupt.net>;
    # Optional owner email, to be used for account recovery:
    acl:agent <mailto:me@dylanvanassche.be>;
    # Set the access to the root storage folder itself
    acl:accessTo <./>;
    # All resources will inherit this authorization, by default
    acl:default <./>;
    # The owner has all of the access modes allowed
    acl:mode
        acl:Read, acl:Write, acl:Control.

When I try to use Penny to view my data as a logged-in user, I get:

And the following in my server logs:

2021-03-02T14:27:29.395Z [DPoPWebIdExtractor] warn: Error verifying WebID via DPoP-bound access token: Incorrect issuer https://inrupt.net/ for WebID https://dylanvanassche.inrupt.net/profile/card#me

Steps to reproduce

Setup the SOLID Community Server
Push the ACL file with a HTTP PUT command
Open Penny, authenticate with your external SOLID WebID
Try to view your data by entering the server URL in the URL bar of Penny.

Environment

Community Server main branch 02/03/2021 (e3cf2f9469fdeb7abf2916209be3443e8bee3d87) at https://data.dylanvanassche.be
Inrupt WebID provider: https://dylanvanassche.inrupt.net
Armbian 21.02.2 Focal
Odroid HC2 (armv7)
Penny (https://penny.vincenttunru.com)

Issue Analytics

State:
Created 3 years ago
Comments:13 (13 by maintainers)

Top GitHub Comments

1reaction

RubenVerborghcommented, Mar 3, 2021

@DylanVanAssche Thanks, turned this into a feature request.

0reactions

DylanVanAsschecommented, Mar 3, 2021

I was just about the post that workaround 😃 I literally found it a couple of minutes ago

This configuration works with Penny as external data browser 🎉

image = "dylanvanassche/css:main" # Docker image
args = ["-c", "/config/config.json", "-b", "https://data.dylanvanassche.be"] # Arguments
tags = [ # Tags for Traefik Let's Encrypt, hostname and custom header middleware
  "traefik.enable=true",
  "traefik.http.routers.css.entryPoints=https",
  "traefik.http.routers.css.rule=Host(`data.dylanvanassche.be`)",
  "traefik.http.routers.css.tls=true",
  "traefik.http.routers.css.tls.certresolver=letsencrypt",
  "traefik.http.routers.css.middlewares=css",
  "traefik.http.middlewares.css.headers.customrequestheaders.Forwarded=proto=https",
]

FYI: Without -b https://data.dylanvanassche.be I get:

InternalServerError: https://data.dylanvanassche.be/ is not supported
    at SingleRootIdentifierStrategy.getParentContainer (/community-server/dist/util/identifiers/BaseIdentifierStrategy.js:14:19)
    at WebAclAuthorizer.getAclRecursive (/community-server/dist/authorization/WebAclAuthorizer.js:186:48)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
    at async WebAclAuthorizer.handle (/community-server/dist/authorization/WebAclAuthorizer.js:41:23)
    at async AuthenticatedLdpHandler.runHandlers (/community-server/dist/ldp/AuthenticatedLdpHandler.js:75:35)
    at async AuthenticatedLdpHandler.handle (/community-server/dist/ldp/AuthenticatedLdpHandler.js:46:61)
    at async SequenceHandler.handle (/community-server/dist/util/handlers/SequenceHandler.js:27:26)
    at async Server.<anonymous> (/community-server/dist/server/BaseHttpServerFactory.js:25:17)